Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which of the following indicators helps incident responders detect cloud security incidents?

  1. Large number of requests for the same file type

  2. Increased server downtime

  3. Unusual user account creation

  4. High latency in data retrieval

The correct answer is: Large number of requests for the same file type

A large number of requests for the same file type can be a critical indicator for incident responders in the context of cloud security incidents. When there is an unexpected surge in requests for a particular file type, it may signal malicious activity such as attempts to exploit vulnerabilities, unauthorized access, or actions taken by adversaries to exfiltrate sensitive data.

Monitoring request patterns is essential for identifying potential security breaches, especially in a cloud environment where resources are shared and scaling can artificially mask unusual activity. This indicator allows responders to delve deeper into the cause of the spikes, for example, whether they are due to a legitimate increase in usage or something more sinister, like a Distributed Denial of Service (DDoS) attack aimed at saturating resources.

In contrast, while increased server downtime could suggest underlying issues, it doesn't specifically point to a security incident on its own. Similarly, high latency in data retrieval indicates performance problems, which might not be directly related to a security event. Unusual user account creation can certainly indicate potential account compromise or insider threats, but it is not as immediately aligned with external attack patterns as request volumes are. Therefore, the focus on request volume provides a clear, actionable signal indicating possible security incidents.